Deck 1 Flashcards

1
Q

How much data can be stored on S3

A

Unlimited

2
Q

An object can be of any size ranging from 1 byte to

A

5 TB

3
Q

The largest object that can be uploaded in a single PUT is

A

5 GB

4
Q

What does CloudFormation not support?

A

Amazon Glacier

5
Q

The AWS Storage Gateway is

A

a service connecting an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization’s on-premises IT environment and AWS’s storage infrastructure.

6
Q

What kind of security is used on Amazon Glacier

A

Amazon Glacier is protected using server-side encryption. AWS generates separate unique encryption keys for each Amazon Glacier archive, and encrypts it using AES-256. The encryption key then encrypts itself using AES-256 with a master key that is stored in a secure location.

7
Q

In Amazon Glacier, the volume of storage billed in a month is based on the average storage used throughout the month, measured in

A

Gigabyte months

8
Q

Amazon Glacier prepares an inventory for each vault periodically, every _______. If there have been no archive additions or deletions to the vault since the last inventory, _______________________

A

24 Hours

The inventory date is not updated

9
Q

There is no maximum limit to the total amount of data that can be stored in Amazon Glacier. Individual archives are limited to a maximum size of

A

40 Terabytes

10
Q

What is the limit of Glacier: total number of archives or total volume of archives?

A

Neither

11
Q

Archives stored in Amazon Glacier are immutable which means

A

archives can be uploaded and deleted but cannot be edited or overwritten.

12
Q

What happens when the user requests to restore an S3 object archived in Glacier?

A

AWS S3 creates a temporary copy of the object in RRS.

13
Q

For customers who have architected complex transactional databases using EBS, it is recommended that

A

backups to Amazon S3 be performed through the database management system so that distributed transactions and logs can be checkpointed

14
Q

AWS Import/Export supports:

A

Import to Amazon S3
Export from Amazon S3
Import to Amazon EBS
Import to Amazon Glacier

15
Q

AWS Import/Export does not currently support

A

export from Amazon EBS or Amazon Glacier.

16
Q

In Amazon Glacier, which operations require programming?

A

In Amazon Glacier, any archive operation, such as upload, download, and delete, requires programming. There is no console support for archive operations.

17
Q

Some services support resource-based permissions, which let you attach policies to the service’s resources instead of to IAM users or groups. Which services are these?

A

Resource-based permissions are supported by Amazon S3, Amazon SNS, and Amazon SQS.

18
Q

AWS S3 provides multiple options to achieve the protection of data at rest. The options include

A
Configurable Protections:
Permission (Policy)
Encryption (Client and Server Side)
Bucket Versioning
MFA based delete
Automatic Protections:
Replication across all availability zones
19
Q

What does S3 stand for?

A

Simple Storage Service

20
Q

How do you allow anyone to access your S3 bucket

A

use an Amazon S3 bucket policy that specifies a wildcard (*)

21
Q

Using multipart upload provides the following advantages:

A

Improved throughput—You can upload parts in parallel to improve throughput.
Quick recovery from any network issues—Smaller part size minimizes the impact of restarting a failed upload due to a network error.
Pause and resume object uploads—You can upload object parts over time. Once you initiate a multipart upload there is no expiry; you must explicitly complete or abort the multipart upload.
Begin an upload before you know the final object size—You can upload an object as you are creating it.

22
Q

You have been given a scope to set up an AWS Media Sharing Framework for a new startup photo sharing company similar to Flickr. The first thing that comes to mind about this is that it will obviously need a huge amount of persistent data storage for this framework. Which of the following storage options would be appropriate for persistent storage?

A

Persistent storage—If you need persistent virtual disk storage similar to a physical disk drive for files or other data that must persist longer than the lifetime of a single Amazon EC2 instance, Amazon EBS volumes or Amazon S3 are more appropriate

23
Q

How are you billed for Virtual Tape Shelf usage on Glacier

A

You are billed for the virtual tape data you store in Amazon Glacier. You are only billed for the portion of virtual tape capacity that you use, not for the size of the virtual tape.

24
Q

For Amazon Web Services, the Web identity federation allows you to create cloud-backed mobile apps that

A

use public identity providers, such as login with Facebook, Google or Amazon

25
Q

You are designing a web application that stores static assets in an Amazon Simple Storage Service (S3) bucket.
You expect this bucket to immediately receive over 150 PUT requests per second.
What should you do to ensure optimal performance?

A

Add a random prefix to the key names.

26
Q

A client application requires operating system privileges on a relational database server.
What is an appropriate configuration for highly available database architecture?

A

Not RDS - no operating system privileges

27
Q

A Solutions Architect is designing a web application. The web and application tiers need to access the Internet, but they cannot be accessed from the Internet.
Which of the following steps is required?

A

Launch a NAT gateway in the public subnet and add a route to it from the private subnet.

28
Q

An Administrator is hosting an application on a single Amazon EC2 instance, which users can access by the public hostname. The administrator is adding a second instance, but does not want users to have to decide between many public hostnames.
Which AWS service will decouple the users from specific Amazon EC2 instances?

A

Auto Scaling group

29
Q

You are launching an application in an Auto Scaling group. To store the user session state, you need a structured storage service with durability and low latency.
Which service meets your needs?

A

Amazon DynamoDB

30
Q

A Solutions Architect is designing a three-tier web application that includes an Auto Scaling group of Amazon EC2 Instances running behind an ELB Classic Load Balancer. The security team requires that all web servers must be accessible only through the Load Balancer and that none of the web servers are directly accessible from the Internet.
How should the Architect meet these requirements?

A

Create an Amazon CloudFront distribution in front of the ELB Classic Load Balancer

31
Q

A company has a workflow that sends video files from their on-premises system to AWS for transcoding. They use EC2 worker instances that pull transcoding jobs from SQS. Why is SQS an appropriate service for this scenario?

A

SQS helps to facilitate horizontal scaling of encoding tasks

32
Q

A photo sharing service stores pictures in Amazon Simple Storage Service (S3) and allows application sign-in using an OpenID Connect compatible identity provider. Which AWS Security Token approach to temporary access should you use for the Amazon S3 operations?

A

SAML-based identity Federation

33
Q

A company has reproducible data that they want to store on Amazon Web Services. The company may want to retrieve the data on a frequent basis. Which Amazon Web Services storage option allows the customer to optimize storage costs and still achieve high availability for their data?

A

Amazon S3 Reduced Redundancy Storage

34
Q

A Solutions Architect is designing an application in AWS. The Architect must not expose the application or database tier over the Internet for security reasons. The application must be low-cost and have a scalable front end. The databases and application tier must have only one-way Internet access to download software and patch updates. Which solution helps to meet these requirements?

A

Use an ELB Classic Load Balancer as the front end for the application tier, and a NAT Gateway to allow Internet access for private resources

35
Q

Application Load Balancers, Network Load Balancers, and Classic Load Balancers. There is a key difference between the way you configure these load balancers

A

With Application Load Balancers and Network Load Balancers, you register targets in target groups, and route traffic to the target groups. With Classic Load Balancers, you register instances with the load balancer.

36
Q

A customer owns a MySQL database that is accessed by various clients who expect at most 100 ms latency on requests. Once a record is stored in the database, it is rarely changed. Clients only access one record at a time.
Database access has been increasing exponentially due to increased client demand. The resultant load will soon exceed the capacity of the most expensive hardware available for purchase. The customer wants to migrate to AWS, and is willing to change database systems.
Which service would alleviate the database load issue and offer virtually unlimited scalability for the future?

A

Amazon Redshift

37
Q

What is the minimum interval for the data that Amazon CloudWatch receives and aggregates?

A

1 Minute

38
Q

Your Amazon RDS MySQL DB instance runs on the largest available instance type. The DB instance runs at near capacity for CPU and network bandwidth. You expect traffic to increase and are looking for ways you can continue to scale your database. Which strategies allow you to continue to scale and take on more traffic?

A

D. Create a read replica of the master database in another Availability Zone (needs to be another AZ); configure the app to send read-only calls to the replica.
E. Create an Amazon ElastiCache cluster; configure the app to retrieve frequently accessed data and queries from the cache.

39
Q

After launching an instance that you intend to serve as NAT (Network Address Translation) device in a public subnet you modify your route tables to have the NAT device be the target of internet bound traffic of your private subnet. When you try and make an outbound connection to the internet from an instance in the private subnet, you are not successful. Which of the following steps could resolve the issue?

A

A. Disabling the Source/Destination check attribute on the NAT instance

40
Q

If you choose to create a NAT gateway in your VPC, you are charged for

A

each “NAT Gateway-hour” that your NAT gateway is provisioned and available

41
Q

Data transfer costs for transferring data in the same region and within the same availability zone are zero, with one caveat

A

you must be using a private IP address.

42
Q

When an EC2 EBS-backed (EBS root) instance is stopped, what happens to the data on any ephemeral store volumes?

A

Data will be deleted and will no longer be accessible

43
Q

A customer’s security team requires the logging of all network access attempts to Amazon EC2 instances in their production VPC on AWS. Which configuration will meet the security team’s requirement?

A

Enable VPC Flow Logs for the production VPC.

44
Q

A company collects click-stream data from Amazon EC2 instances that are in an Auto Scaling group. The age data feeds a centralized dashboard and is critical to the company’s business. Which method will help ensure data is collected before an Auto Scaling policy terminates an instance from the Auto Scaling group?

A

Use Auto Scaling lifecycle hooks

45
Q

You are designing a scalable web application with stateless web servers. Which service or feature is well suited to store user session information?

A

Amazon EC2 instance store

46
Q

A company has a popular multi-player mobile game hosted in its on-premises datacenter. The current infrastructure can no longer keep up with demand and the company is considering a move to the cloud.
Which solution should a Solutions Architect recommend as the MOST scalable and cost-effective solution to meet these needs?

A

Amazon EC2 and an Application Load Balancer

47
Q

A customer has a public-facing web application hosted on a single Amazon Elastic Compute Cloud (EC2) instance and serving videos directly from an Amazon Simple Storage Service bucket. Which of the following will restrict third parties from directly accessing the video assets in the bucket?

A

Use a bucket policy to only allow the public IP address of the Amazon EC2 instance hosting the customer website

48
Q

You need a solution to distribute traffic across all the containers for a task running on Amazon ECS. Your task definitions define dynamic host port mapping for your containers.
What AWS feature provides this functionality?

A

Application Load Balancers support dynamic host port mapping

49
Q

You are running a web application with four Amazon EC2 instances across two Availability Zones. The instances are in an Auto Scaling group behind an ELB Classic Load Balancer. A scaling event adds one instance to the group. After the event, you notice that, although all instances are serving traffic, some instances are serving more traffic than others.
Which of the following could be the problem?

A

Cross-zone load balancing is not configured on the ELB Classic Load Balancer

50
Q

You are working with a customer who is using Chef configuration management in their data center. Which service is designed to let the customer leverage existing Chef recipes in AWS?

A

AWS OpsWorks

51
Q

A company has a workflow that uploads video files from their data center to AWS for transcoding. They use Amazon EC2 worker instances that pull transcoding jobs from SQS.
Why is SQS an appropriate service for this scenario?

A

SQS checks the health of the worker instances.

52
Q

A Solutions Architect is designing a solution for a media company that will stream large amounts of data from an Amazon EC2 instance. The data streams are typically large and sequential, and must be able to support up to 500 MB/s.
Which storage type will meet the performance requirements of this application?

A

EBS Throughput Optimized HDD

53
Q

A retail company has sensors placed in its physical retail stores. The sensors send messages over HTTP when customers interact with in-store product displays. A Solutions Architect needs to implement a system for processing those sensor messages; the results must be available for the Data Analysis team.
Which architecture should be used to meet these requirements?

A

Implement an Amazon API Gateway to serve as the HTTP endpoint. Have the API Gateway trigger an AWS Lambda function to process the messages, and save the results to an Amazon DynamoDB table.

54
Q

Can a placement group be deployed across multiple availability zones?

A

Yes

55
Q

You can launch or start instances in a placement group, which determines how instances are placed on underlying hardware. When you create a placement group, you specify one of the following strategies for the group

A

Cluster – clusters instances into a low-latency group in a single Availability Zone

Partition – spreads instances across logical partitions, ensuring that instances in one partition do not share underlying hardware with instances in other partitions

Spread – spreads instances across underlying hardware

56
Q

The Trusted Advisor service provides insight regarding which four categories of an AWS account?

A

Performance, cost optimization, security, and fault tolerance

57
Q

A company has an application that uses Amazon CloudFront for content that is hosted on an Amazon S3 bucket. After an unexpected refresh, the users are still seeing old content. Which step should the Solutions Architect take to ensure that new content is displayed?

A

Change the TTL value for removing the old objects.

58
Q

You are deploying an application to track GPS coordinates of delivery trucks in the United States. Coordinates are transmitted from each delivery truck once every three seconds. You need to design an architecture that will enable real-time processing of these coordinates from multiple consumers. Which service should you use to implement data ingestion?

A

Amazon Kinesis

59
Q

A Solutions Architect needs a storage solution for a fleet of Linux web application servers. The solution should provide file system interface and be able to support millions of files. Which AWS service should the Architect choose?

A

Amazon Elastic File System

60
Q

A Solutions Architect needs to convert potential single points of failure to a highly-available configuration.
The current architecture contains Amazon EC2 instances with databases running in one Availability Zone.
Web-tier resources have not been given public addresses, but still require Internet access.
Which solution should the Architect use to maintain high availability?

A

Use ELB Classic Load Balancer with the web tier. Deploy EC2 instances in two Availability Zones and enable Multi-AZ RDS Deploy NAT gateways in both Availability Zones

61
Q

Which services natively encrypt data at rest within an AWS region? Choose 2 answers

A

Amazon Glacier

AWS Storage Gateway

62
Q

A popular e-commerce application runs on AWS. The application encounters performance issues. The database is unable to handle the amount of queries and load during peak times. The database is running on the RDS Aurora engine on the largest instance size available.
What should an administrator do to improve performance?

A

Convert the database to use EBS Provisioned IOPS.

63
Q

A Solution Architect is trying to bring a data warehouse workload to an Amazon EC2 instance.
The data will reside in Amazon EBS volumes and full table scans will be executed frequently. What type of Amazon AWS EBS volume would be most suitable in this scenario?

A

General Purpose SSD (BUT WHY?)

64
Q

A company wants to migrate a highly transactional database to AWS. Requirements state that the database has more than 6 TB of data and will grow exponentially.
Which solution should a Solutions Architect recommend?

A

Amazon Aurora

65
Q

Your company has set up an application in eu-west-1 with a disaster recovery site in eu-central-1. You want to be notified of any AWS API activity in regions other than these two.
How can you monitor AWS API activity in other regions?

A

Create a CloudWatch alarm for CloudTrail events

66
Q

You are building a solution for a customer to extend their on-premises data centre to AWS. The customer requires a 50-Mbps dedicated and private connection to their VPC. Which AWS product or feature satisfies this requirement?

A

AWS Direct Connect

67
Q

A Solutions Architect is building an application on AWS that will require 20,000 IOPS on a particular volume to support a media event. Once the event ends, the IOPS need is no longer required. The marketing team asks the Architect to build the platform to optimize storage without incurring downtime.
How should the Architect design the platform to meet these requirements?

A

Change the EBS volume type to Provisioned IOPS.

68
Q

What is AWS STS?

A

AWS Security Token Service

69
Q

Name 2 security functions that are based on AWS STS?

A
1. Using Web federated identity to authenticate users
2. Using access keys to authenticate IAM users

70
Q

If you have an S3 endpoint in your VPC, does this mean that no systems outside of your VPC can access the endpoint?

A

No - the default policy allows full access to all AWS buckets and does not change the existing access to the buckets

71
Q

What is Amazon Athena?

A

A service that queries log files in a similar way to SQL

72
Q

A company has an application that uses Amazon CloudFront for content that is hosted on an Amazon S3 bucket. After an unexpected refresh, the users are still seeing old content. Which step should the Solutions Architect take to ensure that new content is displayed?

A

Change the TTL value for removing the old objects.

73
Q

You’re building an API backend available at services.yourcompany.com. The API is implemented with API Gateway and Lambda. You successfully tested the API using curl. You implemented JavaScript to call the API from a webpage on your corporate website, www.yourcompany.com. When you access that page in your browser, you get the following error:
“The same origin policy disallows reading the remote resource”
How can you allow your corporate webpages to invoke the API?

A

Enable CORS in the API Gateway

74
Q

A bank is writing new software that is heavily dependent upon database transactions for write consistency. The application will also occasionally generate reports on data in the database, and will do joins across multiple tables. The database must automatically scale as the amount of data grows.
Which AWS service should be used to run the database?

A

Amazon DynamoDB

75
Q

S3 provides read-after-write consistency for any type of PUT or DELETE. True or False?

A

False

S3 provides eventual consistency for overwrite PUTS and DELETES.

76
Q

A Solutions Architect is designing a mobile application that will capture receipt images to track expenses. The Architect wants to store the images on Amazon S3. However, uploading images through the web server will create too much traffic. What is the MOST efficient method to store images from a mobile application on Amazon S3?

A

Upload directly to S3 using a pre-signed URL

77
Q

Your existing web application requires a persistent key-value store database that must service 50,000 reads/second. Your company is looking at 10% growth in traffic and data volume month over month for the next several years. Which service meets these requirements?

A

Amazon DynamoDB

78
Q

AWS is responsible for Encryption of traffic within a virtual private cloud (True or False)

A

False

79
Q

You are deploying an application to track GPS coordinates of delivery trucks in the United States. Coordinates are transmitted from each delivery truck once every three seconds. You need to design an architecture that will enable real-time processing of these coordinates from multiple consumers. Which service should you use to implement data ingestion?

A

Amazon Kinesis

80
Q

A Solutions Architect needs a storage solution for a fleet of Linux web application servers. The solution should provide file system interface and be able to support millions of files. Which AWS service should the Architect choose?

A

Amazon ElastiCache

81
Q

True or false: Amazon Glacier natively encrypts data at rest within an AWS region

A

True

82
Q

True or false: Amazon Storage Gateway natively encrypts data at rest within an AWS region

A

True

83
Q

A popular e-commerce application runs on AWS. The application encounters performance issues. The database is unable to handle the amount of queries and load during peak times. The database is running on the RDS Aurora engine on the largest instance size available.
What should an administrator do to improve performance?

A

Convert the database to use EBS Provisioned IOPS.

84
Q

A Solution Architect is trying to bring a data warehouse workload to an Amazon EC2 instance.
The data will reside in Amazon EBS volumes and full table scans will be executed frequently. What type of Amazon AWS EBS volume would be most suitable in this scenario?
A. Throughput Optimized HDD (st1)
B. Provisioned IOPS SSD (io1)
C. General Purpose SSD (gp2)
D. Cold HDD (sc1)

A

C. General Purpose SSD (gp2)

85
Q

Amazon EBS provides a range of options that allow you to optimize storage performance and cost for your workload. These options are divided into two major categories

A
  1. SSD-backed storage for transactional workloads, such as databases and boot volumes
  2. HDD-backed storage for throughput intensive workloads, such as MapReduce and log processing
86
Q

One would use SSD volumes for ________ intensive work loads but HDD volumes for ________ intensive

A

IOPS intensive

MB/s intensive

87
Q

Your company has set up an application in eu-west-1 with a disaster recovery site in eu-central-1. You want to be notified of any AWS API activity in regions other than these two.
How can you monitor AWS API activity in other regions?

A

Create a CloudWatch alarm for CloudTrail events

88
Q

You are building a solution for a customer to extend their on-premises data centre to AWS. The customer requires a 50-Mbps dedicated and private connection to their VPC. Which AWS product or feature satisfies this requirement?

A

AWS Direct Connect

89
Q

A Solutions Architect is building an application on AWS that will require 20,000 IOPS on a particular volume to support a media event. Once the event ends, the IOPS need is no longer required. The marketing team asks the Architect to build the platform to optimize storage without incurring downtime.
How should the Architect design the platform to meet these requirements?

A

Change the EBS volume type to Provisioned IOPS.

90
Q

Which security functions are based on AWS STS? Choose 2 answers
A. Adding conditions to managed policies
B. Using Web federated identity to authenticate users
C. Using IAM roles with Amazon EC2 instances
D. Assigning managed policies to IAM groups
E. Using access keys to authenticate IAM users

A

B and E

91
Q

A Solutions Architect is designing a VPC. Instances in a private subnet must be able to establish IPv6 traffic to the Internet. The design must scale automatically and not incur any additional cost. This can be accomplished with:

A

an egress-only internet gateway

92
Q

An organization hosts 10 microservices, each in an Auto Scaling group behind individual Classic Load Balancers. Each EC2 instance is running at optimal load.
Which of the following actions would allow the organization to reduce costs without impacting performance?
A. Reduce the number of EC2 instances behind each Classic Load Balancer
B. Change instance types in the Auto Scaling group launch configuration.
C. Change the maximum size but leave the desired capacity of the Auto Scaling groups
D. Replace the Classic Load Balancers with a single Application Load Balancer

A

B. Change instance types in the Auto Scaling group launch configuration.

93
Q

A Solutions Architect is about to deploy an API on multiple EC2 instances in an Auto Scaling group behind an ELB. The support team has the following operational requirements:
1. They get an alert when the requests per second go over 50,000
2. They get an alert when latency goes over 5 seconds
3. They can validate how many times a day users call the API requesting highly-sensitive data
Which combination of steps does the Architect need to take to satisfy these operational requirements? (Select TWO.)

A

B. Create a custom CloudWatch metric to monitor the API for data access
D. Ensure that detailed monitoring for the EC2 instances is enabled

94
Q

A customer needs to deploy a NoSQL-based datastore to Amazon EC2 instances. The NoSQL software has native replication for durability of the data store. Which of the following storage options is the most cost-effective and performs best for the data store?
A. Amazon EBS Magnetic volumes
B. Amazon EBS provisioned IOPS volumes
C. Amazon EBS general purpose SSD volumes
D. SSD-based Amazon EC2 instance store volumes

A

B. Amazon EBS provisioned IOPS volumes

95
Q

An organization runs an online voting system for a television program. During broadcasts, hundreds of thousands of votes are submitted within minutes and sent to a front-end fleet of auto-scaled Amazon EC2 instances. The EC2 instances push the votes to an RDBMS database. The database is unable to keep up with the front-end connection requests.
What is the MOST efficient and cost-effective way of ensuring that votes are processed in a timely manner?

A

Each front-end node should send votes to an Amazon SQS queue. Provision worker instances to read the SQS queues and process the message information into the RDBMS database.

96
Q

A Solutions Architect is developing a solution for sharing files in an organization. The solution must allow multiple users to access the storage service at once from different virtual machines and scale automatically. It must also support file-level locking.
Which storage service meets the requirements of this use case?

A

Amazon EFS

97
Q

A TTL can be set for an Alias record in Amazon Route 53. (True or False)

A

False

98
Q

What does TTL in DNS mean

A

TTL (Time to Live) is a setting for each DNS record that specifies how long a resolver is supposed to cache (or remember) the DNS query before the query expires and a new one needs to be done

99
Q

An Amazon Route 53 Alias record can point to any DNS record hosted anywhere (True or False)

A

False

100
Q

An Amazon Route 53 CNAME record can point to any DNS record hosted anywhere. True or False

A

True

101
Q

A company is using AWS Key Management Service (AWS KMS) to secure their Amazon RDS databases. An auditor has recommended that the company log all use of their AWS KMS keys.
What is the SIMPLEST solution?

A

Use AWS CloudTrail to log AWS KMS key usage.

102
Q

A Solutions Architect needs to design an Amazon EC2 cluster to analyze data that is currently stored in Amazon S3. A key requirement is to utilize the fastest storage service available when analyzing the data locally on the Amazon EC2 instance.
Which of the following storage types should the Architect choose to meet the requirement?
A. AWS Storage Gateway
B. Amazon EBS using Provisioned IOPS (PIOPS)
C. Amazon EC2 instance (ephemeral) Store
D. Amazon Glacier

A

B. Amazon EBS using Provisioned IOPS (PIOPS)

103
Q

You manually launch a NAT AMI in a public subnet. The network is properly configured. Security groups and network access control lists are properly configured. Instances in a private subnet can access the NAT. The NAT can access the internet. However, private instances cannot access the internet. What additional step is required to allow access from the private instances?
A. Enable Source/Destination check on the private instances
B. Enable Source/Destination check on the NAT instance
C. Disable Source/Destination check on the private instance
D. Disable Source/Destination check on the NAT instance

A

D. Disable Source/Destination check on the NAT instance

104
Q

Which of the following are true regarding encrypted Amazon Elastic Block Store (EBS) volumes? Choose 2 answers
A. Snapshots are automatically encrypted
B. Existing volumes can be encrypted
C. Supported on all Amazon EBS volume types
D. Available to all instances types
E. Shared volumes can be encrypted

A

A. Snapshots are automatically encrypted

C. Supported on all Amazon EBS volume types

105
Q

A customer needs to capture all client connection information from their load balancer every five minutes. The company wants to use this data for analyzing traffic patterns and troubleshooting their applications. Which of the following options meets the customer requirements?
A. Enable access logs on the load balancer
B. Enable Amazon CloudWatch metrics on the load balancer
C. Enable AWS CloudTrail for the load balancer
D. Install the Amazon CloudWatch logs agent on the load balancer
Why is B not the right answer

A

A. Enable access logs
B is not correct because
Elastic Load Balancing reports metrics to CloudWatch only when requests are flowing through the load balancer. If there are requests flowing through the load balancer, Elastic Load Balancing measures and sends its metrics in 60-second intervals. If there are no requests flowing through the load balancer or no data for a metric, the metric is not reported.

106
Q

Spot Instances are a cost-effective choice if

A

you can be flexible about when your applications run and if your applications can be interrupted.

107
Q

Scheduled Reserved Instances (Scheduled Instances) enable you to purchase capacity reservations that

A

recur on a daily, weekly, or monthly basis, with a specified start time and duration, for a one-year term.

108
Q

Which storage service offers single-digit millisecond latency at any scale?

A

DynamoDB

109
Q

You are deploying an application to collect votes for a very popular television show. Millions of users will submit votes using mobile devices. The votes must be collected into a durable, scalable, and highly available data store for real-time public tabulation. Which service should you use?

A

Amazon Kinesis

110
Q

If you want to set up a web server on EC2 with multiple virtual hosts using distinct SSL certificates, you need to:

A

Create one Amazon Elastic Load Balancer with SSL termination

111
Q

What is Latency-based Routing

A

If your application is hosted in multiple AWS Regions, you can improve performance for your users by serving their requests from the AWS Region that provides the lowest latency.

112
Q

Name three AWS services that are not Lambda Event Sources

A

Amazon Route53
Amazon Redshift
Elastic Load Balancing

113
Q

What is a placement group?

A

A feature that enables EC2 instances to interact with each other via high bandwidth, low latency connections

114
Q

What allows you to extend your queries to your S3 data lake without having to load the data

A

Amazon Athena

115
Q

_________ is a tool designed to work with data of up to dozens of petabytes. Powered by PostgreSQL, it is mostly applied to any kind of SQL applications with minimum changes

A

Amazon Redshift

116
Q

Redshift is a cloud-based data warehouse offered by Amazon. It exposes a Postgres-like interface, but under the hood it’s different in a couple ways:

A

Data is stored in columns
It is distributed
It doesn’t support indexes
Constraints aren’t enforced

117
Q

Is it possible to encrypt an existing unencrypted EBS volume?

A

No

118
Q

A global multi-player game has a multi-master topology, storing data in multiple AWS regions. Each master stays in sync by consuming and replaying the changes that occur in the remote regions. How could you do this?

A

DynamoDB streams

119
Q

A Solutions Architect must design a solution that encrypts data in Amazon S3. Corporate policy mandates encryption keys be generated and managed on premises. Which solution should the Architect use to meet the security requirements?

A

SSE-KMS. Server-side encryption with AWS KMS managed keys

120
Q

Why would you create your own CMK?

A

Creating your own CMK gives you more flexibility, including the ability to create, rotate, disable, and define access controls, and to audit the encryption keys used to protect your data.

121
Q

A Solutions Architect is designing a microservices-based application using Amazon ECS. The application includes a WebSocket component, and the traffic needs to be distributed between microservices based on the URL.
Which service should the Architect choose to distribute the workload?

A

ELB Application Load Balancer

122
Q

A customer owns a simple API for their website that receives about 1,000 requests each day and has an average response time of 50 ms. It is currently hosted on one c4.large instance. Which changes to the architecture will provide high availability at the LOWEST cost?

A

Recreate the API using Amazon API Gateway and use AWS Lambda as the service backend.

123
Q

Why is API Gateway plus Lambda sometimes the cheapest?

A

It is a charge per request model so when there are not a large number of requests charges are minimal

124
Q

What is Throughput Optimized HDD (st1) designed for

A

Designed for high-throughput MapReduce, Kafka, ETL, log processing, and data warehouse workloads

125
Q

An organization is currently hosting a large amount of frequently accessed data consisting of key-value pairs and semi-structured documents in their data center. They are planning to move this data to AWS.
Which one of the following services MOST effectively meets their needs?

A

Amazon DynamoDB

126
Q

You are working with a customer who is using Chef configuration management in their data center. Which service is designed to let the customer leverage existing Chef recipes in AWS?

A

AWS OpsWorks

127
Q

How do you encrypt data in Redshift?

A

You can enable encryption when you launch your cluster, or you can modify an unencrypted cluster to use AWS Key Management Service (AWS KMS) encryption

128
Q

If you are using AWS Key Management Service (AWS KMS) encryption to encrypt a Redshift cluster, do you use an AWS-managed key or a customer-managed key (CMK)?

A

either

129
Q

Why would you configure EBS volumes into a RAID 0?

A

To increase throughput
The standard RAID 0 advantage is that it provides n times higher data read and write where n is the number of EBS volumes within your RAID array.

130
Q

Which set of Amazon S3 features helps to prevent and recover from accidental data loss?

A

Object versioning and Multi-factor authentication

131
Q

An organization designs a mobile application for their customers to upload photos to a site. The application needs a secure login with MFA. The organization wants to limit the initial build time and maintenance of the solution.
Which solution should a Solutions Architect recommend to meet the requirements?

A

Use Amazon Cognito Identity with SMS-based MFA

132
Q

You originally built a VPC for a two-tier application. The subnets for the web and data tiers use all the IP address space in the VPC. Now you want to add subnets for an application tier.
How can you accommodate the new subnets in your VPC?

A

Change the CIDR block for the VPC to create enough free address space for the new subnets

133
Q

Which service should an organization use if it requires an easily managed and scalable platform to host its web application running on Nginx?

A

AWS Elastic Beanstalk

134
Q

What is AWS Import / Export

A

A method of getting large amounts of data into AWS Storage using portable storage devices for transport

135
Q

Which AWS service allows you to collect and process e-commerce data for near real-time analysis?

A

Amazon Elastic MapReduce

136
Q

A Solutions Architect is designing a solution that can monitor memory and disk space utilization of all Amazon EC2 instances running Amazon Linux and Windows. Which solution meets this requirement?
A. Default Amazon CloudWatch metrics
B. Custom Amazon CloudWatch metrics
C. Amazon Inspector resource monitoring
D. Detailed monitoring of Amazon EC2 instances

A

A. Default Amazon CloudWatch metrics

137
Q

Your Auto Scaling group is configured to launch one new Amazon EC2 instance if the overall CPU load exceeds 65% over a five-minute interval. Occasionally, the Auto Scaling group launches a second Amazon EC2 instance before the first is operational. The second instance is not required and introduces needless compute costs. How can you prevent the Auto Scaling group from launching the second instance?

A

Add a scaling-specific cooldown period to the scaling policy

138
Q

Your customers located around the globe require low-latency access to private video files. Which configuration meets these requirements?
A. Use Amazon CloudFront with signed URLs
B. Use Amazon EC2 with provisioned IOPS Amazon EBS volumes
C. Use Amazon S3 with signed URLs
D. Use Amazon S3 with access control lists

A

A. Use Amazon CloudFront with signed URLs

139
Q

What is the difference between
Provisioned IOPS SSD (io1) and
Throughput Optimized HDD (st1)

A

Provisioned IOPS SSD (io1) Highest-performance SSD volume for mission-critical low-latency or high-throughput workloads
Throughput Optimized HDD (st1) Low-cost HDD volume designed for frequently accessed, throughput-intensive workloads

140
Q

Developers are creating a new online transaction processing (OLTP) application for a small database that is very read-write intensive. A single table in the database is updated continuously throughout the day, and the developers want to ensure that the database performance is consistent.
Which Amazon EBS storage option will achieve the MOST consistent performance to help maintain application performance?
A. Provisioned IOPS SSD
B. General Purpose SSD
C. Cold HDD
D. Throughput Optimized HDD

A

A. Provisioned IOPS SSD

Throughput Optimized HDD is lower cost but Provisioned IOPS SSD is more consistent

141
Q

An application provides a feature that allows users to securely download private and personal files. The web server is currently overwhelmed with serving files for download. A Solutions Architect must find a more effective solution to reduce web server load and costs, and must allow users to download only their own files. Which solution meets all requirements?
A. Store the files securely on Amazon S3 and have the application generate an Amazon S3 pre-signed URL for the user to download.
B. Store the files in an encrypted Amazon EBS volume, and use a separate set of servers to serve the downloads.
C. Have the application encrypt the files and store them in the local Amazon EC2 Instance Store prior to serving them up for download.
D. Create an Amazon CloudFront distribution to distribute and cache the files.

A

D. Create an Amazon CloudFront distribution to distribute and cache the files.

142
Q

If you store your objects in an Amazon S3 bucket, you can either have users get your objects directly from S3, or you can configure CloudFront to get your objects from S3 and then distribute them to your users. (True or false)

A

True

143
Q

Is it possible to store an access key on an Amazon EC2 instance with rights to a DynamoDB table?

A

Yes

144
Q

A customer is hosting their company website on a cluster of web servers that are behind a public-facing load balancer. The customer also uses Amazon Route 53 to manage their public DNS. How should the customer configure the DNS zone apex record to point to the load balancer?

A

Create a CNAME record aliased to the load balancer DNS name

145
Q

Per the AWS Acceptable Use Policy, Penetration testing of EC2 instances:

A

May be performed by the customer on their own instances with prior authorization from AWS

146
Q

How would you choose between using Amazon Kinesis Streams and Firehose?

A

Use Kinesis Streams if you want to do some custom processing (with producers and consumers) with streaming data. With Kinesis Firehose you are simply ingesting it into S3, Redshift or Elasticsearch.

147
Q

The AWS CloudHSM service is integrated with which of the following services? Choose 2 answers
A. Amazon Elastic Block Store
B. Amazon Simple Storage Service
C. Amazon Redshift
D. Amazon DynamoDB
E. Amazon RDS (Oracle)

A

C. Amazon Redshift

E. Amazon RDS (Oracle)

148
Q

What is CloudHSM?

A

Hardware Security Module
a security service that offers isolated hardware security module (HSM) appliances to give customers an extra level of protection for data with strict corporate, contractual and regulatory compliance requirements.

149
Q

Which of the following instance types are available as Amazon EBS backend only?
A. General purpose T2
B. General purpose M3
C. Compute-optimized C4
D. Compute-optimized C3
E. Storage-optimized I2

A

A. General purpose T2

C. Compute-optimized C4

150
Q

A user in account A has created a bucket and added a bucket policy allowing all actions for a user in account B. The user in account B has uploaded a file to the bucket, specifying Amazon S3 server-side encryption (SSE) and Amazon S3 reduced redundancy storage (RRS). Using the AWS management console, the user in account A attempts to download the file from the bucket but gets an “Access Denied” error. What is causing the error?

A

Account B user has not granted READ permission to account A user

151
Q

Your security team requires each Amazon ECS task to have an IAM policy that limits the task’s privileges to only those required for its use of AWS services. How can you achieve this?

A

Use IAM roles for Amazon ECS tasks to associate a specific IAM role with each ECS task definition

152
Q

What is one key difference between an Amazon EBS-backed and an instance-store backed instance?

A

Amazon EBS-backed instances can be stopped and restarted

153
Q

Within a VPC, you need to allow a wide range of ports, and block several non-contiguous ports within the range. Which option will allow you to do this?

A

Using a network ACL, place a DENY rule for ports to be blocked after the ALLOW rule for the wide range of ports

154
Q

A Solutions Architect was tasked with reviewing several templates that build VPCs and ensuring that they meet specific security requirements. After reviewing the templates, the Architect realizes that all of the templates are missing important security best practices.
What should the Architect do to implement security best practices in an efficient manner?

A

Create AWS Identity and Access Management (IAM) policies that enforce the corporate VPC architecture standards

155
Q

For which of the following use cases are Simple Queue Service (SQS) and Amazon EC2 an appropriate solution? Choose 2 answers
A. Using as a distributed session store for your web application
B. Managing a multi-step and multi-decision checkout process of an e-commerce website
C. Using as an SNS endpoint to trigger execution of video transcoding jobs
D. Orchestrating the execution of distributed and auditable business processes
E. Using as an encrypted to collect thousands of data points per hour from a distributed fleet of sensors

A

Orchestrating the execution of distributed and auditable business processes
Using as an encrypted to collect thousands of data points per hour from a distributed fleet of sensors

156
Q

Common Amazon SNS Scenarios

A

Fanout
Push Email and Text Messaging
Application and System Alerts
Mobile Push Notifications
Message Durability

157
Q

A Solutions Architect needs to use AWS to implement pilot light disaster recovery for a three-tier web application hosted in an on-premises datacenter.
Which solution allows rapid provision of a working, fully-scaled production environment?
A. Continuously replicate the production database server to Amazon RDS. Use AWS CloudFormation to deploy the application and any additional servers if necessary.
B. Continuously replicate the production database server to Amazon RDS. Create one application load balancer and register on-premises servers. Configure ELB Application Load Balancer to automatically deploy Amazon EC2 instances for application and additional servers if the on-premises application is down.
C. Use a scheduled Lambda function to replicate the production database to AWS. Use Amazon Route 53 health checks to deploy the application automatically to Amazon S3 if production is unhealthy.
D. Use a scheduled Lambda function to replicate the production database to AWS. Register on-premises servers to an Auto Scaling group and deploy the application and additional servers if production is unavailable.

A

B. Continuously replicate the production database server to Amazon RDS. Create one application load balancer and register on-premises servers. Configure ELB Application Load Balancer to automatically deploy Amazon EC2 instances for application and additional servers if the on-premises application is down.

158
Q

A development team is building an application with front-end and backend application tiers. Each tier consists of Amazon EC2 instances behind an ELB Classic Load Balancer. The instances run in Auto Scaling groups across multiple Availability Zones. The network team has allocated the 10.0.0.0/24 address space for this application. Only the front-end load balancer should be exposed to the Internet. There are concerns about the limited size of the address space and the ability of each tier to scale.
What should the VPC subnet design be in each Availability Zone?
A. One public subnet for the load balancer tier, one public subnet for the front-end tier, and one private subnet for the backend tier
B. One shared public subnet for all tiers of the application
C. One public subnet for the load balancer tier and one shared private subnet for the application tiers
D. One shared private subnet for all tiers of the application

A

A. One public subnet for the load balancer tier, one public subnet for the front-end tier, and one private subnet for the backend tier

159
Q

You are tasked with migrating a high-throughput, distributed, fault-tolerant NoSQL data store to AWS. The system is extremely disk-IO intensive. Which instance family is best suited for this workload?

A

I2 eye-two

160
Q

A stray Amazon EC2 r3.8xlarge instance is running in your AWS account. Before terminating it, you want to find the owner to confirm that it is not needed.
Where can you find the identity that launched this instance?
A. CloudTrail logs
B. VPC flow logs
C. ELB access logs
D. Operating system logs

A

A. CloudTrail logs

161
Q

How does performance compare on EFS and EBS

A

EFS = 10+ GB per second.
EBS = Up to 2GB per second

162
Q

Use Cases for EFS

A

Big data and analytics, media processing workflows, content management, web serving, and home directories.

163
Q

Up to thousands of Amazon EC2 instances, from multiple AZs, can connect concurrently to a file system.
True or false

A

True

164
Q

Amazon EBS Provisioned IOPS use cases

A

Boot volumes,
transactional and NoSQL databases,
data warehousing,
and ETL.

165
Q

Your application currently stores data on an unencrypted EBS volume. A new security policy mandates that all data must be encrypted at rest. How can you encrypt the data?
A. Create a snapshot of the volume. Create a new, encrypted volume from the snapshot. Replace the volume.
B. Create a snapshot of the volume. Make an encrypted copy of the snapshot. Create a new volume from the new snapshot. Replace the volume.
C. Modify the EBS settings to encrypt the volume. You do need to detach the volume or stop the instance.
D. Stop the instance. Detach the volume. Modify the EBS settings to encrypt the volume. Reattach the volume. Start the instance.

A

C. Modify the EBS settings to encrypt the volume. You do need to detach the volume or stop the instance.

166
Q

Which of the following approaches provides the lowest cost for Amazon Elastic Block Store snapshots while giving you the ability to fully restore data?
A. Maintain a single snapshot: the latest snapshot is both incremental and complete
B. Maintain the most current snapshots, archive the original and incremental to Amazon Glacier
C. Maintain a volume snapshot: subsequent snapshots will overwrite one another
D. Maintain two snapshots: the original snapshot and the latest incremental snapshot

A

A. Maintain a single snapshot: the latest snapshot is both incremental and complete

167
Q

A customer has written an application that uses Amazon S3 exclusively as a data store. The application works well until the customer increases the rate at which the application is updating information. The customer now reports that outdated data occasionally appears when the application accesses objects in Amazon S3.
What could be the problem, given that the application logic is otherwise correct?

A

The application is reading parts of objects from Amazon S3 using a range header.

168
Q

What is asynchronous replication and when would one use it

A

Asynchronous replication is not performed at the same time as changes are made in the primary storage. Data is replicated only in predetermined time periods (this could be hourly, daily, or weekly).
This can help to increase throughput during peak times.

169
Q

How can a user track memory usage in an EC2 instance?

A

Place an agent on the EC2 instance to push memory usage to an Amazon CloudWatch custom metric.

170
Q

A Solutions Architect is designing an architecture for a mobile gaming application. The application is expected to be very popular. The Architect needs to prevent the Amazon RDS MySQL database from becoming a bottleneck due to frequently accessed queries.
Which service or feature should the Architect add to prevent a bottleneck?

A

Amazon ElastiCache in front of the RDS MySQL Database.

171
Q

I created a new AWS Identity and Access Management (IAM) role, but I can’t find the role in the drop-down list when I launch an instance.

A

The drop-down list includes instance profiles and not IAM roles, but you can add an IAM role to an instance profile. You must choose the instance profile that has the required IAM role added to it.

172
Q

Which of the following items are required to allow an application deployed on an EC2 instance to write data to a DynamoDB table? Assume that no security keys are allowed to be stored on the EC2 instance.
A. Launch an EC2 instance with the IAM user included in the launch configuration
B. Create an IAM user that allows write access to the DynamoDB table
C. Add an IAM user to a running EC2 instance
D. Create an IAM role that allows write access to the DynamoDB table
E. Add an IAM role to a running EC2 instance
F. Launch an EC2 instance with the IAM role included in the launch configuration

A

D. Create an IAM role that allows write access to the DynamoDB table

F. Launch an EC2 instance with the IAM role included in the launch configuration

173
Q

A company needs to quickly ensure that all files created in an Amazon S3 bucket in us-east-1 are also available in another bucket in ap-southeast-2. Which option represents the SIMPLEST way to implement this design?
A. Add an S3 lifecycle rule to move any new files from the bucket in us-east-1 to the bucket in ap-southeast-2.
B. Create a Lambda function to be triggered for every new file in us-east-1 that copies the file to the bucket in ap-southeast-2
C. Use SNS to notify the bucket in ap-southeast-2 to create a file whenever a file is created in the bucket in us-east-1.
D. Enable versioning and configure cross-region replication from the bucket in us-east-1 to the bucket in ap-southeast-2.

A

B. Create a Lambda function to be triggered for every new file in us-east-1 that copies the file to the bucket in ap-southeast-2

174
Q

A Solutions Architect is designing a solution that includes a managed VPN connection. To monitor whether the VPN connection is up or down, the Architect should use:

A

the CloudWatch TunnelState Metric

175
Q

A media company has deployed a multi-tier architecture on AWS. Web servers are deployed in two Availability Zones using an Auto Scaling group with a default Auto Scaling termination policy. The web servers’ Auto Scaling group currently has 15 instances running.
Which instance will be terminated first during a scale-in operation?

A

The oldest instance in the group.

176
Q

A Solutions Architect is designing an application that stores objects encrypted in an Amazon S3 bucket. The company’s security requirements state that the encryption key is stored by the organization. Which methods meet this requirement? (Select TWO.)
A. Use S3 server-side encryption with customer-provided keys.
B. Use S3 client-side encryption.
C. Use S3 server-side encryption with Amazon S3 managed keys
D. Use S3 server-side encryption with AWS KMS managed keys.
E. Use S3 server-side encryption with the company’s own keys imported into AWS KMS

A

A. Use S3 server-side encryption with customer-provided keys.
D. Use S3 server-side encryption with AWS KMS managed keys.

177
Q

A photo-sharing service stores pictures in Amazon Simple Storage Service (S3) and allows application sign-in using an OpenID Connect-compatible identity provider. Which AWS Security Token Service approach to temporary access should you use for the Amazon S3 operations?

A

Because they are using an OpenID Connect-compatible identity provider, you will use
Web Identity Federation

178
Q

Which services allow the customer to retain full administrative privileges of the underlying EC2 instances?
Choose 2 answers
A. Amazon Relational Database Service
B. Amazon Elastic Map Reduce
C. Amazon ElastiCache
D. Amazon DynamoDB
E. AWS Elastic Beanstalk

A

C and E
When you create a web server environment, Elastic Beanstalk creates one or more Amazon Elastic Compute Cloud (Amazon EC2) virtual machines configured to run web apps on the platform that you choose.
You can configure and log into those instances.

179
Q

What sort of consistency does Amazon Glacier provide

A

Read after write

180
Q

A company is deploying a two-tier, highly available web application to AWS. Which service provides durable storage for static content while utilizing lower overall CPU resources for the web tier?
A. Amazon S3
B. Amazon EBS volume
C. Amazon RDS instance
D. Amazon EC2 instance store

A

Amazon S3

181
Q

An application consists of microservices. The microservices need to communicate asynchronously and the solution must ensure that each message is consumed only once.
Which service should be used?

A

Amazon SQS

182
Q

A Solutions Architect is designing a VPC. Instances in a private subnet must be able to establish IPv6 traffic to the Internet. The design must scale automatically and not incur any additional cost.
This can be accomplished with:
A. An egress-only internet gateway
B. A NAT Gateway
C. A custom NAT Instance
D. A VPC endpoint

A

A. An egress-only internet gateway

183
Q

Which of the following are true regarding AWS CloudTrail?
Choose 3 answers
A. CloudTrail is enabled globally
B. CloudTrail is enabled by default
C. CloudTrail is enabled on a per-region basis
D. CloudTrail is enabled on a per-service basis
E. Logs can be delivered to a single Amazon S3 bucket for aggregation
F. Logs can only be processed and delivered to the region in which they are generated

A

A. CloudTrail is enabled globally

C. CloudTrail is enabled on a per-region basis

E. Logs can be delivered to a single Amazon S3 bucket for aggregation

184
Q

Which load balancers support dynamic port mapping

A

Application Load Balancer

185
Q

Your company wants to start working with AWS, but has not yet opened an account. With which of the following services should you begin local development?
A. Amazon DynamoDB
B. Amazon Simple Queue Service
C. Amazon Simple Email Service
D. Amazon CloudSearch

A

A. Amazon DynamoDB

186
Q

Which Auto Scaling features allow you to scale ahead of expected increases in load?
Choose 2 answers
A. Cooldown period
B. Lifecycle hooks
C. Desired capacity
D. Metric-based scaling
E. Health check grace period
F. Scheduled scaling

A

C. Desired capacity

F. Scheduled scaling

187
Q

You have a web portal composed of two services. Each service must scale independently. Both services should be served under the same domain.
Which configuration allows this?

A

Use two AWS Application Load Balancers, one for each service. Assign the same CNAME to both.

188
Q

A Solution Architect is designing a three-tier web application. The Architect wants to restrict access to the database tier to accept traffic from the application servers only. However, these application servers are in an Auto Scaling group and may vary in quantity.
How should the Architect configure the database servers to meet the requirements?
C. Configure the database subnet network ACL to deny all inbound non-database traffic from the application-tier subnet.
D. Configure the database subnet network ACL to allow inbound database traffic from the application-tier subnet.

A

  • Configure the database subnet network ACL to deny all inbound non-database traffic from the application tier subnet.
  • Configure the database subnet network ACL to allow inbound database traffic from the application-tier

189
Q

Your company moved into AWS and created separate AWS accounts per department. To address latency and bandwidth challenges, the company ordered a single AWS Direct Connect circuit. How should you allocate the cost of the data transfer over AWS Direct Connect back to each department?

A

Configure virtual interfaces and tag each with the department account number. Use detail usage reports

190
Q

You have launched an Amazon Elastic Compute Cloud (EC2) instance in a VPC with an attached internet gateway. You assigned a public IP address to the Amazon EC2 instance but cannot connect from your on-premises client via SSH. Which of the following may be the cause of the behavior experienced? Choose 2 answers

A

A. An incorrect security group rule for inbound SSH traffic

B. An incorrect policy in the AWS IAM service

191
Q

What is the difference between an interface VPC endpoint and a gateway VPC endpoint?

A

An interface VPC endpoint is an elastic network interface that has a private IP address and can be used to communicate with the supported VPC endpoint services. A gateway VPC endpoint is a gateway, on which a router is configured to distribute traffic to cloud services.

192
Q

How do you improve the launch time of new instances in an Auto Scaling group?

A

Reduce the values of the Default Cooldown and Health Check Grace Period settings for the Auto Scaling group

193
Q

Which of the following techniques should an Amazon DynamoDB customer follow to maximize throughput?
A. Create tables with as few partition keys as possible
B. Create tables with a partition key that has a large number of distinct values requested uniformly
C. Create tables with a partition key that has a small number of distinct values requested uniformly
D. Create tables with only range keys

A

B. Create tables with a partition key that has a large number of distinct values requested uniformly.

194
Q

A solution architect is designing an application that will encrypt all data in an Amazon Redshift cluster. Which action will encrypt the data at rest?

A

You can enable encryption when you launch your cluster, or you can modify an unencrypted cluster to use AWS Key Management Service (AWS KMS) encryption. To do so, you can use either an AWS-managed key or a customer-managed key (CMK). When you modify your cluster to enable KMS encryption, Amazon Redshift automatically migrates your data to a new encrypted cluster. Snapshots created from the encrypted cluster are also encrypted.